Cisco SSFRULES – Securing Cisco Networks with Snort Rule Writing Best Practices

In this course you will learn about the Snort language and writing rules. You will begin with basic rule syntax and structure and advance to more complex rule-option usage, packet captures and practice what you have learned.

The focus of this course will be on hands-on experience with detecting certain types of attacks and using different types of rule-writing techniques.

Who needs to attend

Who needs to attend?
This course is aimed at security administrators, security consultants, netwokr administrators, system engineers and technical support personne.

what you will learn

What you will learn
Upon completion you will know how to:

Understand rule structure, rule syntax, rule options, and their usage
Configure and create Snort rules
Understand the rule optimization process to create efficient rules
Understand preprocessors and how data is presented to the rule engine
Create and implement functional regular expressions in Snort rules
Design and apply rules using byte_jump/test/extract rule options
Understand the concepts behind protocol modeling to write rules that perform better


Students need to have:

Technical understanding of TCP/IP networking and network architecture
Working knowledge of how to use and operate Cisco Sourcefire® Systems or open source Snort
Working knowledge of command-line text editing tools, such as the vi editor
Basic rule-writing experience is suggested

Course outline

Course Outline

1. Welcome to the Sourcefire Virtual Network
2. Basic Rule Syntax and Usage
3. Rule Optimization
4. Using PCRE in Rules
5. Using Byte_Jump/Test/Extract Rule Options
6. Protocol Modeling Concepts and Using Flowbits in Rule Writing
7. Case Studies in Rule Writing and Packet Analysis
8. Rule Performance Monitoring
9. Rule Writing Practical Labs, Exercises, and Challenges

Follow on
There are no follow-ons for this course.

Certification programs
There are no certifications associated with this course.